Relay device, relay method, and non-transitory computer readable medium

ABSTRACT

A relay device includes an identification information acquisition unit, a privilege information acquisition unit, a memory, and a controller. The identification information acquisition unit acquires user identification information for allowing the relay device to identify a user. The privilege information acquisition unit acquires privilege information indicating that access to the service providing device is authorized from a service providing device which provides a service to a client device used by the user. The memory stores the user identification information and the privilege information in association with each other. Upon receiving a service processing request made to the service providing device and transmitted together with the user identification information from the client device, the controller controls the service providing device to perform communication processing corresponding to the service processing request using the privilege information stored in association with the user identification information.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is based on and claims priority under 35 USC 119 from Japanese Patent Application No. 2012-148756 filed Jul. 2, 2012.

BACKGROUND

(i) Technical Field

The present invention relates to a relay device, a relay method, and a non-transitory computer readable medium.

(ii) Related Art

Services in which server devices on networks in place of client devices perform various kinds of information processing, such as storing data and converting a data format, are called cloud services or cloud computing services.

SUMMARY

According to an aspect of the invention, there is provided a relay device including an identification information acquisition unit, a privilege information acquisition unit, a memory, and a controller. The identification information acquisition unit acquires user identification information for allowing the relay device to identify a user. The privilege information acquisition unit acquires privilege information from a service providing device which provides a service to a client device used by the user, the privilege information indicating that access to the service providing device is authorized. The memory stores the user identification information acquired by the identification information acquisition unit and the privilege information acquired by the privilege information acquisition unit in association with each other. Upon receiving a service processing request made to the service providing device and transmitted together with the user identification information from the client device, the controller controls the service providing device to perform communication processing corresponding to the service processing request using the privilege information stored in association with the user identification information.

BRIEF DESCRIPTION OF THE DRAWINGS

An exemplary embodiment of the present invention will be described in detail based on the following figures, wherein:

FIG. 1 is a block diagram illustrating the configuration of a communication system;

FIG. 2 is a block diagram illustrating the hardware configuration of a client device;

FIG. 3 is a block diagram illustrating the hardware configuration of a relay device;

FIG. 4 is a block diagram illustrating the software configuration of the relay device;

FIG. 5 is a sequence diagram illustrating the operation of the communication system;

FIG. 6 illustrates an example of a user database stored in a cloud service providing device;

FIG. 7 illustrates an example of data stored in the relay device;

FIG. 8 is a sequence diagram illustrating the operation of the communication system; and

FIG. 9 is a sequence diagram illustrating the operation of the communication system.

DETAILED DESCRIPTION

FIG. 1 is a block diagram illustrating the overall configuration of a communication system 1 according to an exemplary embodiment of the present invention. The communication system 1 includes plural client devices 10 a, 10 b, and 10 c, plural personal computers (PCs) 100 a, 100 b, and 100 c, a network 20, a relay device 30, and plural cloud service providing devices 40 a, 40 b, and 40 c. The client device 10 a and the PC 100 a may be used in pair, the client device 10 b and the PC 100 b may be used in pair, and the client device 10 c and the PC 100 c may be used in pair. Each of the pairs may be accommodated in an individual network such as a local area network (LAN).

Each of the cloud service providing devices 40 a, 40 b, and 40 c is a device that provides so-called cloud services, and is an example of a service providing device according to an exemplary embodiment of the present invention. The term “cloud service”, as used herein, refers to a service in which a server device on a network, rather than a client device, performs various kinds of information processing, such as storing data, providing data, and converting a data format. The client devices 10 a, 10 b, and 10 c are information processing devices that receive cloud services provided from the cloud service providing devices 40 a, 40 b, and 40 c. In this exemplary embodiment, the client devices 10 a, 10 b, and 10 c may be image forming devices such as printers, image reading devices such as scanners, or the like. The network 20 is a communication network via which the client devices 10 a, 10 b, and 10 c, the PCs 100 a, 100 b, and 100 c, the relay device 30, and the cloud service providing devices 40 a, 40 b, and 40 c are connected to one another, and may be, for example, the Internet.

When cloud services are provided from the cloud service providing devices 40 a, 40 b, and 40 c to the client devices 10 a, 10 b, and 10 c, the relay device 30 relays data exchanged between the cloud service providing devices 40 a, 40 b, and 40 c and the client devices 10 a, 10 b, and 10 c. More specifically, for example, when image data to be stored is transmitted from any of the client devices 10 a, 10 b, and 10 c, the relay device 30 transfers the image data to any of the cloud service providing devices 40 a, 40 b, and 40 c or, when image data to be output is transmitted from any of the cloud service providing devices 40 a, 40 b, and 40 c, the relay device 30 transfers the image data to any of the client devices 10 a, 10 b, and 10 c. Alternatively, while the image data described above is transmitted and received between the cloud service providing devices 40 a, 40 b, and 40 c and the client devices 10 a, 10 b, and 10 c, the relay device 30 calls a service other than the service for transmitting and receiving the image data described above (such as a service for performing image recognition called optical character recognition (OCR) or a service for converting the format of the image data).

The client devices 10 a, 10 b, and 10 c have various resources implemented thereon. For example, some image forming devices serving as client devices may have lower display capabilities than general PCs, and even client devices included in the same category of image forming device may have different processing capabilities and different types of formats of image data to support. Because of different developers or administrators, the cloud service providing devices 40 a, 40 b, and 40 c have various specifications such as different interpretable commands, communication protocols, and languages used to exchange data between devices, such as application programming interfaces (APIs). For this reason, the relay device 30 is configured to relay data such as control data, image data, and files exchanged between the client devices 10 a, 10 b, and 10 c and the cloud service providing devices 40 a, 40 b, and 40 c without being affected by the difference in resource of the client devices 10 a, 10 b, and 10 c or the difference in specification of the cloud service providing devices 40 a, 40 b, and 40 c.

Single sign-on is available as a mechanism for authentication processing in the relay of data of this type. Single sign-on is a process in which a relay device or the like holds plural pieces of authentication information registered in the individual cloud services, namely, user names and passwords, in association with each other and the relay device is responsible for logging in the individual cloud services. In this mechanism, however, since the relay device 30 holds authentication information, namely, personal information such as user names and passwords, the risk of such personal information leaking to any third party may not be undeniable. Accordingly, the relay device 30 is configured to relay data from the client devices 10 a, 10 b, and 10 c to the cloud service providing devices 40 a, 40 b, and 40 c without holding user names and passwords registered by the users in the cloud service providing devices 40 a, 40 b, and 40 c.

The number of devices constituting the communication system 1 is not limited to that illustrated in FIG. 1. The hardware configurations and operations of the client devices 10 a, 10 b, and 10 c are substantially equivalent, and therefore the client devices 10 a, 10 b, and 10 c will be hereinafter collectively referred to as the “client devices 10” or each individually as the “client device 10” unless individually identified. The PCs 100 a, 100 b, and 100 c and the cloud service providing devices 40 a, 40 b, and 40 c will also sometimes be collectively referred to as the “PCs 100” and the “cloud service providing devices 40” or each individually as the “PC 100” and the “cloud service providing device 40”, respectively.

FIG. 2 illustrates the hardware configuration of each of the client devices 10. The client device 10 includes a controller 11, a communication unit 12, an operation unit 13, a display 14, an image forming/reading unit 15, and a memory 16. The controller 11 includes an arithmetic unit such as a central processing unit (CPU) and main memory devices such as a read only memory (ROM) and a random access memory (RAM). The ROM stores a program to be executed by the CPU. The CPU uses the RAM as a work area and executes a program stored in the ROM or the memory 16 to control the operation of the individual units of the client device 10. The communication unit 12 communicates with the relay device 30 and the cloud service providing devices 40 via the network 20 in accordance with, for example, the Hypertext Transfer Protocol (HTTP). The communication unit 12 is an example of a communication unit according to an exemplary embodiment of the present invention. The operation unit 13 may be an operation unit having operators such as various keys and a touch sensor, and supplies an operation signal corresponding to an operation of the user to the controller 11. The controller 11 performs processing in accordance with the operation signal. The display 14 may be a display having a liquid crystal panel and a liquid crystal drive circuit, and is configured to display an image under control of the controller 11. The image forming/reading unit 15 is configured to form an electrophotographic image and to optically read an image on a document. The memory 16 may be a large-capacity memory such as a hard disk, and stores a data group or program group to be used by the controller 11.

FIG. 3 illustrates the hardware configuration of the relay device 30. The relay device 30 is configured as a computer including a controller 31, a communication unit 32, and a memory 33. The controller 31 includes an arithmetic unit such as a CPU and main memory devices such as a ROM and a RAM. The CPU uses the RAM as a work area and executes a program stored in the ROM or the memory 33 to control the operation of the individual units of the relay device 30. The communication unit 32 performs data communication with the client devices 10, the PCs 100, and the cloud service providing devices 40 via the network 20 in accordance with, for example, the HTTP. The memory 33 may be a non-volatile large-capacity memory such as a hard disk, and stores a data group or program group to be used by the controller 31.

FIG. 4 illustrates the functional configuration of the relay device 30. The relay device 30 includes a first abstraction interface unit 310 (an interface will be hereinafter referred to as an “I/F”), a second abstraction I/F unit 320, and communication I/F units 330 a, 330 b, and 330 c. The first abstraction I/F unit 310 is configured to absorb a difference between the client devices 10, and implements mutual conversion between a language interpretable by each of the client devices 10, such as a control command and an API, and an intermediate language interpretable by the relay device 30. The second abstraction I/F unit 320 is configured to absorb a difference between the cloud service providing devices 40, and implements mutual conversion between a language interpretable by each of the cloud service providing devices 40, such as a control command and an API, and the intermediate language interpretable by the relay device 30. The number of communication I/F units 330 is equal to the number of cloud service providing devices 40, and the communication I/F units 330 communicate with the cloud service providing devices 40 in accordance with the protocols used by the cloud service providing devices 40. The first abstraction I/F unit 310 is an example of a first conversion unit according to an exemplary embodiment of the present invention that performs a first conversion process for mutual conversion between a language interpretable by each of plural client devices and a language interpretable by a relay device. The second abstraction I/F unit 320 is an example of a second conversion unit according to an exemplary embodiment of the present invention that performs a second conversion process for mutual conversion between a language interpretable by each of plural service providing devices and a language interpretable by a relay device. The communication I/F units 330 a, 330 b, and 330 c are examples of plural communication interface units according to an exemplary embodiment of the present invention that are provided respectively for plural service providing devices and that are configured to communicate with the associated service providing devices in accordance with protocols (for example, HTTP) used by the service providing devices.

Operation

Next, an operation according to an exemplary embodiment will be described with reference to FIGS. 5 to 9. In the following description, by way of example, the client device 10 a illustrated in FIG. 1 receives a data storage service provided from the cloud service providing device 40 a.

In FIG. 5, the controller 31 of the relay device 30 needs to register itself in federation with one of the cloud service providing devices 40 that provides a service to the client device 10 a. The term “federation”, as used herein, means that the relay device 30 and the cloud service providing devices 40 federate with each other. In other words, the term “federation” means the state that credential is established between the relay device 30 and the cloud service providing devices 40. The controller 31 of the relay device 30 requests the cloud service providing device 40 a to register itself in federation with the relay device 30 (step S1). The controller 31 of the relay device 30 sends device identification information for identifying the relay device 30 and a federation registration request to the cloud service providing device 40 a. The cloud service providing device 40 a transmits federation acceptance information indicating that federation has been accepted to the requesting relay device 30 (step S2). In this case, the cloud service providing device 40 a stores the device identification information identifying the relay device 30 in association with information indicating acceptance of federation.

Then, the user operates the PC 100 a to send a request for access to the cloud service to the relay device 30. In response to the access request, the controller 31 of the relay device 30 transmits data (for example, Uniform Resource Locator (URL) of the site for access to the cloud service) for displaying an access screen used for guiding access to the cloud service to the PC 100 a, and the PC 100 a causes the access screen to be displayed on the display 14 by using a function of a web browser or the like. The access screen is written in a hypertext markup language (HTML) or any other suitable language. The user enters their user ID and an input to access the desired cloud service providing device 40 a (step S3). Here, as an example, the user “tanaka” enters the user ID “tanaka” to perform user authentication at the relay device 30.

The controller 31 of the relay device 30 may transmit to the PC 100 a information indicating that access to the cloud service providing device 40 a with which the relay device 30 has registered itself in federation in advance is possible, and may cause a screen that provides direct access to the cloud service providing device 40 a to be displayed by using the function of the web browser of the PC 100 a to allow the user to issue an instruction to access the cloud service providing device 40 a on the screen.

The relay device 30 may register itself in advance in federation with the plural cloud service providing devices 40 a, 40 b, and 40 c. In this case, the controller 31 of the relay device 30 may cause a screen for allowing the user to select which of the plural cloud service providing devices 40 a, 40 b, and 40 c to access to be displayed on the PC 100 a. When the user selects the cloud service providing device 40 a they wish to access, the PC 100 a transmits to the relay device 30 the user ID and a request for access to the cloud service providing device 40 a (step S4). Upon receiving from the PC 100 a the user ID and the request for access to the cloud service providing device 40 a, the controller 31 of the relay device 30 transfers the access request received from the PC 100 a to the cloud service providing device 40 a registered in advance in federation with the relay device 30 (step S5). In this case, the controller 31 of the relay device 30 stores the user ID transmitted together with the access request from the PC 100 a in the memory 33 in association with information indicating that the access request has been transferred to the cloud service providing device 40 a.

Upon receiving the access request, the cloud service providing device 40 a checks the login state (step S6). If a login account corresponding to the access request does not exist, the cloud service providing device 40 a generates data for displaying a login request screen (step S7), and transmits the generated data to the PC 100 a that has sent the access request. The PC 100 a displays a login screen for login to the cloud service providing device 40 a by using the function of the web browser (step S8).

The user enters the login account, or the user name and the password, as authentication information used by the cloud service providing device 40 a on the login screen for login to the cloud service providing device 40 a which is displayed on the PC 100 a (step S9). The login account entered by the user, or the user name and the password, is transmitted to the cloud service providing device 40 a (step S10). Here, the user “tanaka” enters the user name “tanaka-cloud” and the password “aaaa”, which are authentication information for login to the cloud service providing device 40 a.

The cloud service providing device 40 a performs authentication processing using a user database illustrated in FIG. 6 based on the received login account, namely, the user name and the password. If it is determined that login is successful (step S11), the cloud service providing device 40 a generates screen data for prompting the user to input whether or not access is to be granted to permit the relay device 30 that has registered itself in advance in federation with the cloud service providing device 40 a and that has transferred the access request to access the cloud service providing device 40 a, and transmits the generated screen data to the PC 100 a (step S12).

The PC 100 a displays an access permission input screen based on the received screen data for inputting access permission by using the function of the web browser. When the user inputs “access permission” (step S13), the PC 100 a transmits an “access permission” instruction to the cloud service providing device 40 a (step S14).

Upon receiving an “access permission” instruction from the PC 100 a, the cloud service providing device 40 a issues an access token for accessing the cloud service providing device 40 a to the relay device 30 that has transferred the access request and that has registered itself in advance in federation with the cloud service providing device 40 a, and transmits the access token to the relay device 30 (step S15). The access token is privilege information granted to the login account by the cloud service providing device 40 a, and includes, for example, account information and information indicating access privilege. When an access request is made together with the access token, the cloud service providing device 40 a grants access with the privilege of the login account corresponding to the issued access token. Here, if the user name “tanaka-cloud” and the password “aaaa” entered by the user “tanaka”, which are authentication information for login to the cloud service providing device 40 a, are authenticated, the access token “1234 abcd” corresponding to the account is issued and transmitted to the relay device 30 registered in federation with the cloud service providing device 40 a.

The controller 31 of the relay device 30 stores the access token in the memory 33 in association with the user ID stored in step S5 in a manner illustrated in FIG. 7 (step S16). Here, the user ID “tanaka”, which is information with which the user “tanaka” accesses the relay device 30, and the access token “1234 abcd” issued in response to successful authentication of login to the cloud service providing device 40 a by the user “tanaka” and transmitted to the relay device 30 are stored in association with each other, and are stored in the manner illustrated in FIG. 7. Through the process illustrated in FIG. 5 described above, the relay device 30 has access privilege to the cloud service providing device 40 a specified by the user ID.

Next, referring to FIG. 8, the user inputs their user ID to the client device 10 a by, for example, causing the client device 10 a to read a card medium storing the user ID, and further operates the operation unit 13 to make a request for a list of cloud services. The controller 11 of the client device 10 a accepts the operation, and transmits a service list request to the relay device 30 (step S21). In response to the request, the controller 31 of the relay device 30 transmits a service list to the client device 10 a (step S22). When the user performs an operation of specifying a data storage service from the service list displayed on the display 14 of the client device 10 a, the controller 11 of the client device 10 a accepts the operation (step S23), and transmits a request for access to the data storage service to the relay device 30 (step S24).

Upon receiving the access request, the controller 31 of the relay device 30 performs conversion processing (step S25). Specifically, the first abstraction I/F unit 310 performs a process for converting a language interpretable by the client device 10 a into an intermediate language interpretable by the controller 31 of the relay device 30, and the second abstraction I/F unit 320 performs a process for converting the intermediate language interpretable by the controller 31 of the relay device 30 into a language interpretable by the cloud service providing device 40 a. The access request subjected to the conversion processes described above is transmitted to the cloud service providing device 40 a from the communication I/F unit 330 a associated with the cloud service providing device 40 a after an access token corresponding to the user ID is added to the access request (step S26). After verifying the validity of the access token, the cloud service providing device 40 a transmits information on a folder list in response to the access request to the relay device 30 (step S27). Specifically, since the cloud service providing device 40 a has issued an access token concurrently with the successful login of the user, the cloud service providing device 40 a permits the data storage service to be provided to the user whose access token has been validated, and transmits information on a list of folders available to the user to the relay device 30.

Upon receiving the information on the folder list, the controller 31 of the relay device 30 performs conversion processing (step S28). Specifically, the second abstraction I/F unit 320 performs a process for converting the language interpretable by the cloud service providing device 40 a into the intermediate language interpretable by the controller 31 of the relay device 30, and the first abstraction I/F unit 310 performs a process for converting the intermediate language interpretable by the controller 31 of the relay device 30 into the language interpretable by the client device 10 a. The information on the folder list subjected to the conversion processes described above is transmitted to the client device 10 a (step S29).

The user refers to the folder list displayed on the display 14 of the client device 10 a, and operates the operation unit 13 to specify a desired folder as a storage location. Then, the user performs an operation of causing the image forming/reading unit 15 of the client device 10 a to read a document. Upon accepting this operation, the controller 11 of the client device 10 a causes the image forming/reading unit 15 to read a document to acquire image data (step S30). The controller 11 of the client device 10 a transmits the acquired image data and a request for storing the image data in the specified folder to the relay device 30 (step S31). Upon receiving the request and the image data, the controller 31 of the relay device 30 performs conversion processing from one language to another (step S32). Specifically, the first abstraction I/F unit 310 performs a process for converting the language interpretable by the client device 10 a into the intermediate language interpretable by the controller 31 of the relay device 30, and the second abstraction I/F unit 320 performs a process for converting the intermediate language interpretable by the controller 31 of the relay device 30 into the language interpretable by the cloud service providing device 40 a.

Then, the data subjected to the conversion processes described above (the image data and the request for storing the image data in the folder specified as a storage location) is transmitted to the cloud service providing device 40 a from the communication I/F unit 330 a associated with the cloud service providing device 40 a after an access token corresponding to the user ID described above is added to the data (step S33). Upon receiving the request for storing the image data in the folder and the image data which have been converted by the relay device 30, the cloud service providing device 40 a verifies the validity of the access token and then stores the image data in the folder (step S34). Then, the cloud service providing device 40 a transmits a completion notification indicating that the image data has been stored (step S35). The controller 31 of the relay device 30 performs conversion processing similar to that in step S28 on the completion notification (step S36), and then transmits the resulting completion notification to the client device 10 a (step S37). The controller 11 of the client device 10 a displays the completion notification on the display 14.

In the foregoing description, by way of example, the client device 10 a illustrated in FIG. 1 receives a data storage service provided by the cloud service providing device 40 a. The following description will be made of an example in which the client device 10 a prints document data held, generated, and managed by the cloud service providing device 40 a.

A data printing service relayed by the relay device 30 enables document data managed by the cloud service providing device 40 a to be specified by the client device 10 a and relayed by the relay device 30 so that the document data may be printed and output from the client device 10 a. Since the cloud service providing device 40 a does not have a function for generating print data from document data, the relay device 30 acquires document data from the cloud service providing device 40 a, converts the acquired document data into print data having a format that is printable by the client device 10 a, and provides the print data to the client device 10 a. Thus, the document data managed by the cloud service providing device 40 a may be printed and output from the client device 10 a.

The user performs the processing illustrated in FIG. 5 in advance to allow the relay device 30 to have access privilege to the cloud service providing device 40 a specified by the user ID.

Next, referring to FIG. 9, the user inputs their user ID to the client device 10 a by, for example, causing the client device 10 a to read a card medium storing the user ID, and further operates the operation unit 13 to make a request for a list of cloud services. The controller 11 of the client device 10 a accepts the operation, and transmits a service list request to the relay device 30 (step S41). In response to the request, the controller 31 of the relay device 30 transmits a service list to the client device 10 a (step S42). When the user performs an operation of specifying a data printing service from the service list displayed on the display 14 of the client device 10 a, the controller 11 of the client device 10 a accepts the operation (step S43), and transmits a request for access to the data printing service to the relay device 30 (step S44).

Upon receiving the access request, the controller 31 of the relay device 30 performs conversion processing from one language to another (step S45). Specifically, the first abstraction I/F unit 310 performs a process for converting a language interpretable by the client device 10 a into an intermediate language interpretable by the controller 31 of the relay device 30. The information (command) on the printing request supplied from the client device 10 a is also converted into information (command) which requests that the cloud service providing device 40 a acquire document data. Further, the second abstraction I/F unit 320 performs a process for converting the intermediate language interpretable by the controller 31 of the relay device 30 into a language interpretable by the cloud service providing device 40 a. The access request including the document acquisition request, which has been subjected to the conversion processes described above, is transmitted to the cloud service providing device 40 a from the communication I/F unit 330 a associated with the cloud service providing device 40 a after an access token corresponding to the user ID is added to the access request (step S46). After verifying the validity of the access token, the cloud service providing device 40 a transmits information on a document data list corresponding to the user ID and available to the user to the relay device 30 in response to the access request (step S47). The document data may be document data held in the cloud service providing device 40 a or may be document data generated based on data obtained as a result of processing performed by the cloud service providing device 40 a. The document data may also be reference information to document data held by another cloud service providing device 40 or a document management device (not illustrated).

Upon receiving the information on the document data list, the controller 31 of the relay device 30 performs conversion processing (step S48). Specifically, the second abstraction I/F unit 320 performs a process for converting the language interpretable by the cloud service providing device 40 a into the intermediate language interpretable by the controller 31 of the relay device 30, and the first abstraction I/F unit 310 performs a process for converting the intermediate language interpretable by the controller 31 of the relay device 30 into the language interpretable by the client device 10 a. The information on the document data list subjected to the conversion processes described above is transmitted to the client device 10 a (step S49).

The user refers to the document data list displayed on the display 14 of the client device 10 a, and operates the operation unit 13 to specify desired document data to be printed using the client device 10 a. Upon accepting this operation (step S50), the controller 11 of the client device 10 a transmits information on a request for printing the specified document data to the relay device 30 (step S51). Upon receiving the printing request information, the controller 31 of the relay device 30 performs conversion processing from one language to another (step S52). Specifically, the first abstraction I/F unit 310 performs a process for converting the language interpretable by the client device 10 a into the intermediate language interpretable by the controller 31 of the relay device 30. The information on the request for printing the specified document data is also converted into a request for acquiring the specified document data. Further, the second abstraction I/F unit 320 performs a process for converting the intermediate language interpretable by the controller 31 of the relay device 30 into the language interpretable by the cloud service providing device 40 a.

Then, the data subjected to the conversion processes described above (the information on the request for acquiring the specified document data) is transmitted to the cloud service providing device 40 a from the communication I/F unit 330 a associated with the cloud service providing device 40 a after an access token corresponding to the user ID described above is added to the data (step S53). Upon receiving the information on the request for acquiring the document data which has been converted by the relay device 30, the cloud service providing device 40 a verifies the validity of the access token and then starts to perform acquisition request processing for the document data specified by the user (step S54). Then, the cloud service providing device 40 a transmits the specified document data to the relay device 30 (step S55). The controller 31 of the relay device 30 performs print data generation processing on the document data transmitted from the cloud service providing device 40 a to convert the document data into print data having a format printable by the client device 10 a. Further, the controller 31 performs processing for converting the intermediate language interpretable by the controller 31 of the relay device 30 into the language interpretable by the client device 10 a in a manner similar to that in step S48 (step S56). Then, the controller 31 transmits the generated print data and the information represented in the language interpretable by the client device 10 a to the client device 10 a (step S57). The controller 11 of the client device 10 a prints and outputs the received print data from the image forming/reading unit 15 (step S58).

In the example of the data printing service described above, any document data is specified from a document data group held, generated, and managed by one of the cloud service providing device 40, e.g., the cloud service providing device 40 a, and is printed. Alternatively, desired document data may be retrieved from a document data group held, generated, and managed by plural cloud service providing devices 40, and plural pieces of document data may be acquired from plural different cloud service providing devices 40 and printed. A specific example will be described hereinafter.

The relay device 30 registers itself in advance in federation with the plural cloud service providing devices 40 a, 40 b, and 40 c, and the user accesses the plural cloud service providing devices 40 a, 40 b, and 40 c to log in from the PC 100 a via the relay device 30. Accordingly, the relay device 30 stores the user ID and access tokens issued by the cloud service providing devices 40 a, 40 b, and 40 c in the memory 33 in association with each other.

The user inputs their user ID from the client device 10 a, and makes a request for a data printing service. When a request for searching for document data to be printed and the search key (such as the document name or information added to the document) are transmitted from the client device 10 a to the relay device 30, the controller 31 of the relay device 30 converts the language with which the request for searching the document data to be printed, which has been received from the client device 10 a, is represented into a language with which the request for searching for the document data is represented, which is interpretable by each of the cloud service providing devices 40 a, 40 b, and 40 c, and requests each of the cloud service providing devices 40 a, 40 b, and 40 c to search for the document data.

The controller 31 of the relay device 30 receives information on the found document data from the respective cloud service providing devices 40 in the corresponding languages, and converts the languages into an intermediate language interpretable by the relay device 30. Then, the controller 31 generates information on a document data list that matches the search condition from the document data held and managed by each of the cloud service providing devices 40 a, 40 b, and 40 c, converts the generated information into information represented in the language interpretable by the client device 10 a, and transmits the resulting information to the client device 10 a. In this case, the controller 31 stores information indicating which cloud service providing device 40 the acquired document data has been held and managed by.

In the client device 10 a, document data to be printed is specified by using the operation unit 13 from the received information on the document data list, and a printing instruction is made. In response to the printing instruction, the client device 10 a transmits information identifying the specified document data and the printing instruction information to the relay device 30. The controller 31 of the relay device 30 converts the language with which the received information is represented, and specifies document data instructed to be printed by the client device 10 a. The controller 31 refers to the information indicating which cloud service providing device 40 the specified document data is held and managed by, and requests the cloud service providing devices 40 that hold and manage the specified document data to acquire document data.

In response to this acquisition request, each of the cloud service providing devices 40 transmits document data to the relay device 30. The controller 31 of the relay device 30 converts the document data acquired from each of the cloud service providing devices 40 into print data, and transmits the print data to the client device 10 a. The client device 10 a prints and outputs the print data. Accordingly, a printing request is made by the client device 10 a after the search condition for the document data to be printed is input, thus allowing document data to be searched for across the plural cloud service providing devices 40 and to be printed. In addition to the search across the plural cloud service providing devices 40, pieces of document data held in the plural cloud service providing devices 40 may be collectively printed by batch.

Cloud services are not limited to those in the example according to the exemplary embodiment, and may include, for example, a service for performing image recognition, a service for converting the format of image data, and a service for managing the flow of information processing. The program executed by the client device 10, the relay device 30, and the cloud service providing device 40 may be provided by being recorded on a recording medium such as a magnetic tape, a magnetic disk, a floppy disk, an optical recording medium, a magneto-optical recording medium, a compact disk (CD), a digital versatile disk (DVD), or a RAM.

The foregoing description of the exemplary embodiment of the present invention has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Obviously, many modifications and variations will be apparent to practitioners skilled in the art. The embodiment was chosen and described in order to best explain the principles of the invention and its practical applications, thereby enabling others skilled in the art to understand the invention for various embodiments and with the various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the following claims and their equivalents. 

What is claimed is:
 1. A relay device comprising: an identification information acquisition unit that acquires user identification information for allowing the relay device to identify a user; a privilege information acquisition unit that acquires privilege information from a service providing device which provides a service to a client device used by the user, the privilege information indicating that access to the service providing device is authorized; a memory that stores the user identification information acquired by the identification information acquisition unit and the privilege information acquired by the privilege information acquisition unit in association with each other; and a controller that, upon receiving a service processing request made to the service providing device, the service processing request being transmitted together with the user identification information from the client device, controls the service providing device to perform communication processing corresponding to the service processing request using the privilege information stored in association with the user identification information.
 2. The relay device according to claim 1, further comprising: a transfer unit that, upon receiving from a communication device different from the client device an access request made to the service providing device, transfers the access request to the service providing device, wherein the privilege information acquisition unit acquires the privilege information from the service providing device, the privilege information being issued by the service providing device in accordance with the access request transferred by the transfer unit after login authentication of the user has been performed.
 3. The relay device according to claim 1, wherein, upon receiving data on a service processing request made to the service providing device from the client device, the data including the user identification information, the controller adds the privilege information stored in association with the user identification information to the data, and transmits the data having the privilege information added thereto to the service providing device.
 4. The relay device according to claim 1, wherein, upon receiving data including the privilege information from the service providing device, the controller adds the user identification information stored in association with the privilege information to the data, and transmits the data having the user identification information added thereto to the client device.
 5. A non-transitory computer readable medium storing a program causing a computer to execute a process, the process comprising: acquiring user identification information for allowing a relay device to identify a user; acquiring privilege information from a service providing device which provides a service to a client device used by the user, the privilege information indicating that access to the service providing device is authorized; storing the acquired user identification information and the acquired privilege information in association with each other; and upon receiving a service processing request made to the service providing device, the service processing request being transmitted together with the user identification information from the client device, controlling the service providing device to perform communication processing corresponding to the service processing request using the privilege information stored in association with the user identification information.
 6. A relay method comprising: acquiring user identification information for allowing a relay device to identify a user; acquiring privilege information from a service providing device which provides a service to a client device used by the user, the privilege information indicating that access to the service providing device is authorized; storing the acquired user identification information and the acquired privilege information in association with each other; and upon receiving a service processing request made to the service providing device, the service processing request being transmitted together with the user identification information from the client device, controlling the service providing device to perform communication processing corresponding to the service processing request using the privilege information stored in association with the user identification information. 